Privacy Policy

Last updated: April 30, 2026

1. Who We Are

Citadex ("we", "us", "our") operates the website https://citadex.io and provides an AI Engine Optimization SaaS platform. This Privacy Policy explains how we collect, use, and protect your personal information.

For privacy-related inquiries, contact us at: support@citadex.io

2. Information We Collect

Account Information: When you register, we collect your name, email address, and password (stored as a bcrypt hash).

Usage Data: We collect information about how you interact with our platform, including pages visited, features used, and scan activity.

Payment Information: Payments are processed by Stripe. We do not store your credit card details. Stripe's privacy policy applies to payment data.

Project Data: URLs, domain names, and brand information you enter for AEO analysis.

Third-Party Integration Data: When you connect a third-party account (such as Google Search Console), we receive OAuth access tokens, refresh tokens, and the data those APIs expose (e.g. site list, search performance, indexing status). See Section 5 for details specific to Google user data.

Log Data: IP address, browser type, referring URLs, and access timestamps collected automatically.

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Citadex service
• Process payments and manage subscriptions
• Send service-related emails (account confirmations, alerts, scan reports)
• Respond to customer support requests
• Monitor and analyze usage to improve our platform
• Comply with legal obligations

4. Data Sharing

We do not sell your personal data. We may share data with:

• Supabase — database hosting and authentication
• Stripe — payment processing
• Resend — transactional email delivery
• Vercel — cloud hosting and deployment
• Anthropic / OpenAI / Google — AI analysis (only the content you submit for scanning)

We require all third-party providers to maintain appropriate security measures.

5. Google User Data and API Services

When you connect a Google account to Citadex, we access data from Google APIs strictly to provide the integration features you enabled. Our handling of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

Google Services We Access:
• Google Search Console API — to read your verified site list, search performance metrics (clicks, impressions, queries), and indexing status, and to resubmit your sitemaps so Google re-crawls newly published or updated content

OAuth Scopes Requested:
• .../auth/webmasters — read Search Console data for your verified properties and resubmit sitemaps to trigger re-crawling
• openid, email — identify which Google account you connected

How We Use Google User Data:
• Display your Search Console properties and search performance inside Citadex
• Resubmit your sitemap when you publish or update content through Citadex so Google discovers the changes faster
We do not use Google user data for any purpose other than providing these integration features.

Storage and Protection:
• Access tokens and refresh tokens are stored encrypted at rest in our Supabase database, scoped to your Citadex account
• Tokens are transmitted only over HTTPS/TLS and are never exposed to other users, logs, or analytics tools
• Only automated systems access Google user data; no Citadex employee reads it except as described below

Data Retention and Deletion:
• Tokens and Google-derived data are retained only while the integration is connected
• You can disconnect at any time from the /integrations page — tokens are deleted from our database immediately
• You can also revoke Citadex's access directly at myaccount.google.com/permissions
• When you delete your Citadex account, all Google user data we hold is deleted within 30 days

Limited Use Disclosure:
Citadex's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
• We do not use Google user data to serve advertisements
• We do not sell Google user data
• We do not transfer Google user data to third parties, except as necessary to provide or improve user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with user notice
• We do not allow humans to read Google user data except (a) with your explicit consent, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for internal operations

6. Citadex Publisher Browser Extension

Citadex offers an optional Chrome browser extension, "Citadex Publisher", that auto-fills articles you generated in Citadex into the new-post editors of supported publishing platforms (Medium, Substack, Dev.to, Hashnode, WordPress, Ghost, HubSpot, LinkedIn). This section describes data handling specific to that extension.

What the extension accesses:
• The article title and body you choose to publish (passed from the Citadex web app to the extension via chrome.runtime.sendMessage)
• The active browser tab and the URL of the editor page on the destination platform, only when you initiate a publish

What the extension does NOT access:
• Your passwords for any platform — the extension relies on your existing logged-in browser session and never reads credentials
• Any API tokens, OAuth tokens, or authentication cookies on the platforms
• Your browsing history, browsing activity, or any page outside the supported editor URLs
• Any personally identifiable information beyond what you place in the article body

How long article content is held:
Article content is kept in the extension's service worker memory only while the destination tab is filling, keyed by tab ID. As soon as the tab is filled (or the operation fails or the tab is closed), the entry is discarded. Nothing is written to chrome.storage, IndexedDB, cookies, or local files.

What is transmitted off your device:
Nothing. The extension does not send article content to Citadex servers, to platform APIs, or to any third party. The extension only opens the destination platform's editor URL in your browser and pastes the content locally — exactly the operations you would perform manually.

Permissions the extension requests:
• tabs — to open the destination platform's editor URL in a new tab
• webNavigation — to detect single-page-app navigation on platforms like Hashnode, Substack, Medium, LinkedIn, Ghost, and HubSpot, so the editor adapter can run on the editor URL
• scripting — to inject the editor adapter after SPA navigation on the supported platforms
• Host permissions for the supported publishing platforms only — the extension is not active on any other site

Pairing with your Citadex account:
Communication between the Citadex web app and the extension is restricted by Chrome's externally_connectable manifest field to citadex.io only. No other website can talk to the extension.

Removing the extension:
Uninstalling the extension from chrome://extensions removes all extension data immediately. Disabling the integration inside Citadex Channel Settings stops Citadex from sending publish requests to the extension.

7. Data Retention

We retain your account data for as long as your account is active. Scan results and project data are retained for the duration of your subscription. You may request deletion of your data at any time by contacting support@citadex.io.

8. Cookies

We use essential cookies for authentication (NextAuth session cookies) and functional cookies to remember your preferences (language, theme). We do not use advertising or tracking cookies.

9. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing
• Data portability

To exercise these rights, email us at support@citadex.io.

10. Security

We implement industry-standard security measures including encrypted data transmission (HTTPS/TLS), hashed passwords, encrypted storage of third-party OAuth tokens, and access controls. However, no method of transmission over the internet is 100% secure.

11. Children's Privacy

Our service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on our platform. Continued use of the service after changes constitutes acceptance.

13. Contact Us

For any questions about this Privacy Policy:

Citadex
Email: support@citadex.io
Website: https://citadex.io